当前位置: 首页 > news >正文

CDH Kerberos启动后hue报错Couldn‘t renew kerberos ticket

news 来源:原创 2024/5/8 23:14:15

文章目录

  • 一、环境说明
    • 1、系统环境:centos7.7
    • 2、cloudera manager版本:6.3.2
    • 3、hue版本:4.2.0
  • 二、报错情况,Kerberos安装完成重启后错误
  • 三、解决方法
    • 1、cdh-cm-v01添加
    • 2、分发到其它节点
    • 3、cdh-ipa-v01添加
    • 4、重启freeIPA服务
    • 5、重启hue服务,hue正常运行
  • default_ccache_name = KEYRING:persistent:%{uid}

一、环境说明

1、系统环境:centos7.7

2、cloudera manager版本:6.3.2

3、hue版本:4.2.0

二、报错情况,Kerberos安装完成重启后错误

在这里插入图片描述

在这里插入图片描述

三、解决方法

1、cdh-cm-v01添加

vi /etc/krb5.conf

[root@cdh-cm-v01 ~]# vi /etc/krb5.conf

includedir /etc/krb5.conf.d/
includedir /var/lib/sss/pubconf/krb5.include.d/

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = YUNES.COM
 dns_lookup_realm = false
 dns_lookup_kdc = true
 rdns = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
 udp_preference_limit = 0
# default_ccache_name = KEYRING:persistent:%{uid}
 default_ccache_name = FILE:/tmp/krb5cc_%{uid}

[realms]
 YUNES.COM = {
  max_renewable_life = 7d 0h 0m 0s
  kdc = cdh-ipa-v01.yunes.com:88
  master_kdc = cdh-ipa-v01.yunes.com:88
  admin_server = cdh-ipa-v01.yunes.com:749
  default_domain = yunes.com
  pkinit_anchors = FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem
  pkinit_pool = FILE:/var/lib/ipa-client/pki/ca-bundle.pem
}

[domain_realm]
 .yunes.com = YUNES.COM
 yunes.com = YUNES.COM
 cdh-ipa-v01.yunes.com = YUNES.COM

[dbmodules]
  YUNES.COM = {
    db_library = ipadb.so
  }

[plugins]
 certauth = {
  module = ipakdb:kdb/ipadb.so
  enable_only = ipakdb

在这里插入图片描述

2、分发到其它节点

cd ~/scripts/
./sync_to_all_node.sh /etc/krb5.conf /etc/

[root@cdh-cm-v01 ~]# cd scripts/
[root@cdh-cm-v01 scripts]# ./sync_to_all_node.sh /etc/krb5.conf /etc/
/etc/krb5.conf
/etc/
cdh-cm-v01.yunes.com
---------------------------------------------------------
Begin sync file from cdh-cm-v01.yunes.com:/etc/krb5.conf to AllCusterNode, Please waitting...

Sync file from /etc/krb5.conf to cdh-master-v01.yunes.com:/etc/
krb5.conf                                                                                                                                                                                        100% 1043     1.5MB/s   00:00    
Sync file from /etc/krb5.conf to cdh-master-v02.yunes.com:/etc/
krb5.conf                                                                                                                                                                                        100% 1043     1.3MB/s   00:00    
Sync file from /etc/krb5.conf to cdh-datanode-v01.yunes.com:/etc/
krb5.conf                                                                                                                                                                                        100% 1043     1.3MB/s   00:00    
Sync file from /etc/krb5.conf to cdh-datanode-v02.yunes.com:/etc/
krb5.conf                                                                                                                                                                                        100% 1043     1.1MB/s   00:00    
Sync file from /etc/krb5.conf to cdh-datanode-v03.yunes.com:/etc/
krb5.conf                                                                                                                                                                                        100% 1043     1.3MB/s   00:00    
Sync file from /etc/krb5.conf to cdh-client-v01.yunes.com:/etc/
krb5.conf

在这里插入图片描述

3、cdh-ipa-v01添加

vi /etc/krb5.conf

[root@cdh-ipa-v01 ~]# vi /etc/krb5.conf

includedir /etc/krb5.conf.d/
includedir /var/lib/sss/pubconf/krb5.include.d/

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = YUNES.COM
 dns_lookup_realm = false
 dns_lookup_kdc = true
 rdns = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
 udp_preference_limit = 0
# default_ccache_name = KEYRING:persistent:%{uid}
 default_ccache_name = FILE:/tmp/krb5cc_%{uid}

[realms]
 YUNES.COM = {
  max_renewable_life = 7d 0h 0m 0s
  kdc = cdh-ipa-v01.yunes.com:88
  master_kdc = cdh-ipa-v01.yunes.com:88
  admin_server = cdh-ipa-v01.yunes.com:749
  default_domain = yunes.com
  pkinit_anchors = FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem
  pkinit_pool = FILE:/var/lib/ipa-client/pki/ca-bundle.pem
}

[domain_realm]
 .yunes.com = YUNES.COM
 yunes.com = YUNES.COM

在这里插入图片描述

4、重启freeIPA服务

ipactl restart

[root@cdh-ipa-v01 ~]# ipactl restart
Restarting Directory Service
Restarting krb5kdc Service
Restarting kadmin Service
Restarting named Service
Restarting httpd Service
Restarting ipa-custodia Service
Restarting ntpd Service
Restarting pki-tomcatd Service
Restarting ipa-otpd Service
Restarting ipa-dnskeysyncd Service
ipa: INFO: The ipactl command was successful

在这里插入图片描述

5、重启hue服务,hue正常运行

在这里插入图片描述
在这里插入图片描述
在这里插入图片描述

[root@cdh-ipa-v01 ~]# vi /etc/krb5.conf

includedir /etc/krb5.conf.d/
includedir /var/lib/sss/pubconf/krb5.include.d/

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = YUNES.COM
dns_lookup_realm = false
dns_lookup_kdc = true
rdns = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
udp_preference_limit = 0

default_ccache_name = KEYRING:persistent:%{uid}

default_ccache_name = FILE:/tmp/krb5cc_%{uid}

[realms]
YUNES.COM = {
max_renewable_life = 7d 0h 0m 0s
kdc = cdh-ipa-v01.yunes.com:88
master_kdc = cdh-ipa-v01.yunes.com:88
admin_server = cdh-ipa-v01.yunes.com:749
default_domain = yunes.com
pkinit_anchors = FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem
pkinit_pool = FILE:/var/lib/ipa-client/pki/ca-bundle.pem
}

[domain_realm]
.yunes.com = YUNES.COM
yunes.com = YUNES.COM
cdh-ipa-v01.yunes.com = YUNES.COM

[dbmodules]
YUNES.COM = {
db_library = ipadb.so
}

[plugins]
certauth = {
module = ipakdb:kdb/ipadb.so
enable_only = ipakdb

相关文章:

  • 学Spring5源码之入门
  • Maven - 3、详解maven解决依赖问题
  • 1行代码提取6种TCGA表达矩阵和临床信息
  • 直升飞机领衔、三百辆婚车开道,三十台巨型吊车,小伟婚礼超豪华
  • 【2023秋招面经】OPPO 前端 一面(40min)
  • Nifi05 Nifi单节点、集群部署以及迁移
  • SQL server发布订阅事务复制新增表的解决方案(不重新初始化)
  • Tableau2——折线图,饼图
  • 对话腾讯天琴赵伟峰:当音乐与科技结合,会碰撞出怎样的火花?
  • codePen前端编码神器
  • Android 10.0 系统settings系统属性控制一级菜单显示隐藏
  • Linux多路I/O复用入门必读 -- epoll实现原理以及使用方法
  • systemverilog中的bind
  • 【视频】逆变换抽样将数据标准化和R语言结构化转换:BOX-COX、凸规则变换方法
  • 数说故事×IDEA荣获语言与智能技术竞赛「视频语义理解赛题」季军
  • CSS实用技巧
  • emacs初体验
  • HTML-表单
  • Js基础知识(四) - js运行原理与机制
  • Mac转Windows的拯救指南
  • mockjs让前端开发独立于后端
  • Python 使用 Tornado 框架实现 WebHook 自动部署 Git 项目
  • Python_OOP
  • Python中eval与exec的使用及区别
  • spring boot下thymeleaf全局静态变量配置
  • vagrant 添加本地 box 安装 laravel homestead
  • webgl (原生)基础入门指南【一】
  • 道格拉斯-普克 抽稀算法 附javascript实现
  • 分享一个自己写的基于canvas的原生js图片爆炸插件
  • 机器学习学习笔记一
  • 马上搞懂 GeoJSON
  • 前端学习笔记之观察者模式
  • 赢得Docker挑战最佳实践
  • 正则学习笔记
  • #14vue3生成表单并跳转到外部地址的方式
  • #if 1...#endif
  • (ctrl.obj) : error LNK2038: 检测到“RuntimeLibrary”的不匹配项: 值“MDd_DynamicDebug”不匹配值“
  • (板子)A* astar算法,AcWing第k短路+八数码 带注释
  • (二)WCF的Binding模型
  • (力扣记录)1448. 统计二叉树中好节点的数目
  • (论文阅读22/100)Learning a Deep Compact Image Representation for Visual Tracking
  • (转)3D模板阴影原理
  • .NET Core中Emit的使用
  • .NET Micro Framework 4.2 beta 源码探析
  • .NET 事件模型教程(二)
  • .NET 中使用 TaskCompletionSource 作为线程同步互斥或异步操作的事件
  • [ Linux 长征路第五篇 ] make/Makefile Linux项目自动化创建工具
  • []error LNK2001: unresolved external symbol _m
  • [51nod1610]路径计数
  • [C++基础]-初识模板
  • [codeforces] 25E Test || hash
  • [HDU] 1054 Strategic Game 入门树形DP
  • [IOI2018] werewolf 狼人
  • [iOS]-网络请求总结
  • [LeetCode]-Integer to Roman 阿拉伯数字转罗马数字